| Age | Commit message (Collapse) | Author |
|---|
|
Previously when there were no load options, this would go in the debug
log:
load-options.c:313:parse_load_options() full load options:
include/hexdump.h:92:vhexdumpf() hexdump of a NULL pointer!
This changes it to say:
load-options.c:315:parse_load_options() LoadOptions is empty
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
Add the ability for shim to load an optional configuration file. This
new file is called "options.csv". The configuration file is completely
optional. If used, it is located in the same directory as the booted
shim. The "options.csv" file currently allows a single entry. Other
options could be added to it in the future. The first and only entry in
the file is the name of the secondary boot loader shim will load. The
"options.csv" file is in Unicode LE format.
This allows a signed shim to directly load a UKI without the need to
rename it to grub. Shim's transitive trust is maintained. If the
alternative 2nd stage can not be verified, it will not boot.
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
|
|
When looking for load option optional data, the parser asserts that the
byte after the end of device path node is the same as what the file path
length says it should be. While unusual, it is valid if the end of
device path node comes before the end of the file path list.
That supports some unusual Dell load options where there are two device
paths in the list but the first is terminated by an End Entire Device
Path. Maybe they intended to use an End Device Path Instance node there?
Who knows. Either way, treating it as invalid ends up trying to read
paths from the beginning of the option with obviously poor results.
Fixes: #649
Signed-off-by: Dan Nicholson <dbn@endlessos.org>
|
|
Windows bcdedit.exe creates boot entries where load options
begin with "WINDOWS\0" (in 8-bit chars), followed by some
Windows-specific data which is useless for shim. This data
causes shim error "Failed to open \EFI\mypath\䥗䑎坏S".
Resolves: #370
Signed-off-by: Lauri Kenttä <lauri.kentta@gmail.com>
|
|
When LoadOptions is either L" " or L"shim.efi ", parse_load_options sets
second_stage to the empty string. This is unlikely to be what is intended, and
typically leads to a non-obvious failure mode.
The failure happens because parse_load_options's call to split_load_options
(after eating shim's own filename, if present) returns the empty string. Since
init_grub typically passes second_stage to start_image, this causes read_image
to concatenate the empty string onto the directory name. This means PathName
refers to the directory, not the path to a pe image. Then load_image
successfully opens a handle on the directory and reads "data" from it. It only
eventually fails when handle_image calls read_header which finds that this data
isn't in fact a pe header, reporting "Invalid image".
This scenario has been seen when shim is loaded via rEFInd 0.11.5, which sets
LoadOptions to the name of the shim program followed by a space character.
Instead, modify parse_load_options to leave second_stage set to its default
value rather than the empty string.
Signed-off-by: Jonathan Davies <jonathan.davies@nutanix.com>
|
|
In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI
LoadOptions that are just NUL characters."), a check was added to
discard load options that are entirely NUL. We now see some firmwares
that start LoadOptions with a NUL, and then follow it with garbage (path
to directory containing loaders). Widen the check to just discard
anything that starts with a NUL.
Resolves: #490
Related: #95
See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
Dump the load options before parsing them so that we can
see which things are failing to parse.
|
|
Some firmware feeds the LoadOptions with an odd length when booting from
an USB device(*). We should only skip this kind of LoadOptions, not fail
it, or the user won't be able to boot the system from USB or CD-ROM.
(*) https://bugzilla.suse.com/show_bug.cgi?id=1185232#c62
Signed-off-by: Gary Lin <glin@suse.com>
|
|
This adds tests for all the cases we've documented in the
set_second_stage() comments. Each test checks that all of second_stage,
loader_str, and loader_str_size are set correctly.
Note that this adds a dependency on libefivar to build device paths to
test against.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
This moves set_second_stage() and some of the helper functions it uses
out of shim.c, so that it's easier to write test cases for.
Signed-off-by: Peter Jones <pjones@redhat.com>
|
